We're having trouble with our F-Prot integration in Mail Enable 8.61 in that sometimes it works and sometimes it doesn't. It's not working at the moment and this means it won't catch any viruses, other than the test Eicar one. The exact same configuration was working until about 5pm, yesterday, after which no more viruses have been caught. F-Prot's resident shield is turned off, so there's no conflict there.

As part of my lengthy investigations into this ongoing issue, I ran the MTA in debug mode and read through some of the output. Whilst F-Prot seems to scan clean attachments, when a known virus comes along (I can tell by the name of the attachment), the scan doesn't seem to be initiated. In the debug output, Mail Enable logs "Skipping encoded attachment" in the place where the scan activity should be. What does this mean? I can see it's been mentioned on a handful of occasions in the past, but there are no definitive answers. Why is Mail Enable seemingly not firing up F-Prot for these attachments?

Thank God someone else is having issues with F-Prot on the same version of MailEnable as me.

Today i logged onto one of my Mail Vms in our cluster and noticed an unexpected shutdown notice. After digging through the event logs it looks as though F-Prot started consuming way too many resources due to an attachment Filering Rule in MailEnable suddenly choosing not to fire and getting several viral messages per second. Filters choosing not to work sporadically has been a consistent headache I have had with MailEnable for the past 2 years. It never truly gets resolved, I usually turn services on and off disable filters and re-enable and randomly it will work again with exactly the same settings as before.

I'm not sure which came first, but it would appear as though MailEnable and F-Prot are no longer working together nicely in my environment. I see gaps in my MEAVGEN logs over the past week on both of my clustered Mail Nodes example below

Today message filter logs simply aren't showing the Mailenable VIRUS Filter Rule being executed at all. I go to the MTAFILTER-report from a few days ago and it was firing pretty regularly, I could see it being applied to messages.

At the same time F-Prot pops up with a notification with "DESCRIPTION File Not Found FILENAME EICAR.ZIP STATUS removed". So I come to the conclusion that real time scanning must be picking it up and FPROT is deleting it before mailenable can do anything. Ok, then lets add a folder exclusion to F-Prot, this shouldn't be a problem as I would assume this only excludes real-time scanning and not the individual calls for fpscan.exe. So I exclude the scratch folder then test. The test passes. I restart MailEnable Services and wait. The MTAFilterReport is still not showing the rule being executed on at all and I am still getting the below in the MEAVGEN report

So I figure well maybe the exclusion is being applied to fpscan.exe, Mailenable is asking for a return code and isn't getting one or is getting a clean status due to the directory being excluded.... so I remove the exclusions and turn off real time protection completely. I go through the whole process of testing the MailEnable Antivirus filter properties and it passes. Now I restart and wait again. Still the same results. In fact, now the MEAVGEN report isn't even logging anymore, last update was over 40 minutes ago.

So your probably thinking, "Ok well we need to eliminate 3rd party pickup events." We have 7 Mailenable filters, the first using mailenable to specify certain headers to not be filtered. the second is using criteria script to stop filtering on certain domains, the third using criteria script to stop filtering on certain mailboxes, the fourth takes attachments we don't allow, copies message quarantine and deletes, the 5th is the Virus Rule that copies message to quarantine and deletes, the 6th is a rule that says if a message is larger than 712000 stop processing filters, and the 7th is rule that checks against spam assassin, then copies to quarantine and deletes. I have tried disabling these all except for the virus rule to no avail.